AI Literacy: what it is, why you need to address it now, and how to do it

A marketing employee at a mid-sized financial services company was tasked with writing a series of blogs and social media posts about new, complex pension schemes. With a tight deadline, she decided to use a well-known generative AI tool. Within two months, she produced 40% more content than before. But the real win wasn't the speed; it was her approach.

Because her organisation had invested in AI literacy, she didn't fall into the familiar traps. She didn't upload internal customer cases or sensitive financial projections, because she knew that public models can use that data for training. When the AI produced a fluent paragraph about a specific tax exemption, she didn't simply accept it; she checked the details with the legal department and corrected a critical error in the model's calculation. And she used the AI as a hyperactive sparring partner for drafts and titles, but rewrote the final texts herself to keep the tone human and aligned with the brand.

This is what AI literacy means in practice. Not "knowing that ChatGPT exists". Not "remembering a handy prompt". But knowing what the tool can and cannot do, where to deploy it, and where to pause. And since 2 February 2025, it's also a legal requirement for every organisation that uses AI within the European Union.

TL;DR. AI literacy is the ability of employees to use AI responsibly, effectively, and critically: knowing what AI can and cannot do, prompting precisely, understanding the tools landscape, recognising practical applications, and dealing with risks around privacy, hallucinations, and legislation. Since February 2025, the EU AI Act requires organisations to train their employees in this. This guide explains the five core skills, what often goes wrong, and how to address this in your organisation.

What is AI literacy exactly?

The European Commission defines AI literacy as "the skills, knowledge, and understanding that enable people to deploy AI systems in an informed way, as well as to be aware of its opportunities and risks." That sounds abstract. In practice, it comes down to five concrete skills:

1. Conceptually understanding what AI is, and what it is not.
2. Prompting effectively.
3. Knowing the tools landscape.
4. Recognising practical applications, including what AI cannot do.
5. Responsible use: privacy, ethics, hallucinations, and legislation.

We'll work through them below. First: why this has suddenly become a topic that managers and HR departments need on their agenda.

Why this matters now

Search volumes for "EU AI Act" have risen 50% over the past year in the Netherlands. "AI literacy" has risen at the same rate. That's no coincidence. Three developments are converging:

1. AI has moved from trial balloon to workplace reality. Where two years ago only early adopters were playing with ChatGPT, today a large share of office workers uses AI daily; often unnoticed by management. This is called "shadow AI" and it's more rule than exception.

2. The EU AI Act has come into force. Since 2 February 2025, Article 4 applies: organisations that deploy AI systems or allow employees to use them must ensure those employees are "sufficiently AI literate". The penalties are substantial, up to 3% of annual worldwide turnover or 15 million euros, whichever is higher.

3. Companies can no longer move fast enough. AI developments are so fast that formal policies, guidelines, and training programs are outdated before they're rolled out. The result: employees improvise, and management has no visibility.

None of these three stands alone. Together they form the situation every organisation is now in, whether they act on it or not.

The 5 skills that matter

1. Conceptually understanding what AI is (and is not)

The biggest pitfall in every AI introduction: employees treat a large language model as a database, a search engine, or a person. It is none of those. It's a statistical model that predicts words based on patterns in training data. No truth, no understanding, no memory between sessions (unless explicitly enabled).

Anyone who doesn't grasp this conceptually can't avoid two mistakes: too much trust ("it's written there, so it's correct") and too little trust ("that thing is just guessing"). Both lead to wrong usage.

2. Effective prompting

A good prompt isn't a question, it's a briefing. Those who tell the AI: what they need, for whom, in what style, with what constraints, and which examples work well, get something usable. Those who only say "write text about X" get bland, generic output.

Effective prompting is a skill people underestimate as "something you pick up naturally". That's partly true; by using AI a lot you get better. But the learning curve is much steeper if you know a few principles: assign a role, provide context, specify output format, and iteratively refine.

3. Knowing the tools landscape

Many business users in the Netherlands first encounter AI through Microsoft Copilot. That has an unintended side effect: they see AI as "a feature within the Office package". But there's a world of tools beyond Copilot: Le Chat from Mistral AI (European), ChatGPT from OpenAI, Claude from Anthropic, Gemini from Google, and hundreds of specialised tools for research, summarisation, image generation, code, legal work, and much more.

Knowing which tool is suitable when often makes a multifold difference in productivity. Using a general chatbot for a task where a specialised tool works better is like building a house with a hammer.

4. Recognising practical applications (and what AI cannot do)

Not every task is suitable for AI. A few examples where it usually works well: drafting text, summarising, generating code snippets, extracting structured data from unstructured text, improving translations, brainstorming.

But there are clear limits. AI is not reliable for: factual statements without verification, processing personal data in public models, legal or financial calculations that must be exact, or decisions requiring accountability. The question is not "do we use AI?" but "for what yes, for what no, and how do we maintain quality?".

5. Responsible use: privacy, ethics, hallucinations, and legislation

Here several things come together that often get conflated in practice:

• Privacy. What you paste into a public AI tool can be used to train the model further. Customer data, source code, business secrets, personal health information; none of it should be casually dropped into a free ChatGPT account. The rule: when in doubt, don't, or take a business subscription with data protection.
• Hallucinations. AI models invent facts that sound credible. A source that doesn't exist. A legal article with a fabricated number. A calculation with a plausible but wrong result. Critically checking output isn't a luxury, it's a basic skill.
• Ethics and bias. AI models reflect biases in their training data. Decisions about people based on AI output can come out unevenly in ways you don't directly see. For HR applications, customer selection, or risk assessments, that's a serious concern.
• Legislation. The EU AI Act, GDPR, and sector-specific rules (financial sector, healthcare, government) impose requirements on how AI may be used. Those who don't know this take unintended risks.

What we often see go wrong in organisations

In the organisations we work with, the same patterns recur. Four that come up most often:

1. Employees have no basic grasp of what AI is

Many employees use AI without even broadly understanding what happens under the hood. The result is two-sided: they don't recognise the power (so they deploy it too narrowly), nor the dangers (so they walk into them unknowingly). Hallucinations aren't recognised as such. Privacy risks aren't tangible. Output gets taken as proven fact.

What we recommend: don't start with "which tool should we choose" but with "what is AI actually". An hour of basics about what a language model is and how it works prevents years of wrong use.

2. Copilot as the only frame of reference

Because many Dutch businesses have contracts with Microsoft, Microsoft Copilot is the first and only AI tool many business users encounter. The side effect: they see AI as "a feature within the Office package" rather than a fundamentally new technology with a broad landscape of tools.

What we recommend: have employees work comparatively. The same task in Copilot, ChatGPT, and Claude, and discuss the differences. That opens horizons and makes people more critical about which tool fits which job.

3. Shadow AI with free accounts

Many employees use free accounts of ChatGPT, Gemini, or other tools, at home and at work. They sometimes add highly sensitive business information without realising that much of that data is also used to further train the model. Pure naivety, not malice. But still a data leak in the making.

What we recommend: banning doesn't work (it happens anyway). What does work: offer business subscriptions with data protection, plus a clear agreement on which data may and may not go into which tool.

4. Companies can't move fast enough

AI developments are so fast that formal business processes (drafting policy, procuring training, rolling out, monitoring) always lag. By the time AI policy is approved, everyone is using a new tool. Result: employees improvise, management has no visibility.

What we recommend: invest in people, not just in policy. An AI-literate employee makes the right choices themselves when the next tool appears. An outdated policy document doesn't. Our AI Basis Training is built precisely for this.

The EU AI Act in plain language

The EU AI Act is an ambitious piece of legislation. Legislation by nature always trails the reality of daily life; given the enormous speed of AI developments, it is remarkable that Europe has been able to plant the stakes for this law on a reasonably short timeline. A first start that classifies AI risks and names who is responsible, initially the providers of AI systems.

The law is unfortunately quite complex and now counts hundreds of pages, articles, and annexes. For most organisations, however, the core section is straightforward to summarise:

• Article 4 (AI literacy). Mandatory since 2 February 2025. Organisations must ensure that employees working with AI are sufficiently AI literate for their task. No specific hours requirement, but a results obligation.
• Risk categories. AI systems are classified into four risk levels: unacceptable (banned), high (strict requirements), limited (transparency requirements), minimal (no specific requirements).
• Responsibility. Initially with the providers of AI systems, but users (organisations deploying AI) also have their own obligations, particularly for high-risk applications.
• Penalties. Up to 3% of worldwide annual turnover or 15 million euros, whichever is higher.

For those who want to dig deeper, also read our earlier article EU AI Act: what does it mean for your team.

Take the check: is your organisation AI literate?

Three questions to assess in five minutes where your organisation stands:

1. Do we know what's running?

Do we have a clear overview of which AI tools our employees use, both official software and 'shadow AI' such as free versions of ChatGPT or Copilot?

2. Do we know how to protect data?

Does every employee know what data may and absolutely may not be entered into an AI tool, think customer data, source code, or business secrets?

3. Do we recognise the risks?

Are our teams trained to critically check AI output for errors ('hallucinations'), and do they understand that AI decisions can be biased?

Three yeses: your organisation is on the right track. Two yeses: there's work to do, but it's manageable. One or no yeses: this isn't a "later" problem anymore, this is a now-problem.

How do you address this?

The structured route to AI literacy in an organisation is in essence simple, in execution less so:

Step 1: Make a baseline measurement

Don't ask "do you know anything about AI". Do: measure with a short test or questionnaire what the baseline understanding is, which tools are already being used (officially and unofficially), and where the biggest risks lie. What you don't measure, you can't steer.

Step 2: Train on foundational skills, not on tool tricks

Most AI trainings on the market focus on "how do you use ChatGPT" or "ten prompts for productivity". That's fluffy and dates within three months. What works durably: the five skills from this article, in the right order, with practical examples from the organisation itself.

This is exactly what our AI Basis Training is built on: an e-learning with five practical modules that build the skills that don't go stale when ChatGPT-5 appears or a new tool dominates the market.

Step 3: Build infrastructure for ongoing AI questions

AI changes too fast to do one training per year. What does work: make one person in the organisation responsible for AI questions, set up an internal channel for "I came across this, is this OK?", and periodically discuss new tools or risks. Not a finished project, but an ongoing capability.

Frequently asked questions

Is AI literacy a legal requirement for my organisation?

Yes, since 2 February 2025 under Article 4 of the EU AI Act, for every organisation within the EU that deploys AI systems or has them used by employees. The form is not prescribed, the result (sufficiently AI-literate employees) is.

What if our organisation doesn't use AI?

Chances are individual employees do use AI, even without formal decision. That would still fall under Article 4. Moreover, realistically, the question is not "if" but "when" your organisation will deploy AI, so preparation is never wrong.

How long does an AI literacy training take?

That depends on what's already known. A good basic training is doable in a day (or spread over weeks in e-learning form). The five skills from this article are buildable in that time if the training is practical.

Does this also apply to government?

Yes. The EU AI Act applies to all organisations within the EU that deploy AI, including government agencies. Government often has extra responsibility because AI decisions directly impact citizens.

What's the difference between AI literacy and data literacy?

Data literacy is about understanding, interpreting, and critically using data. AI literacy is about understanding, deploying, and critically evaluating AI systems. There's overlap (critical thinking in both), but AI literacy includes extra elements such as prompting, knowing the tools landscape, and specific risks such as hallucinations.

Which tools should I know?

Start with the big three generative models (ChatGPT from OpenAI, Claude from Anthropic, Gemini from Google) and the integrated tools in your work environment (such as Microsoft Copilot). Then you can specialise toward tools for your field.

Getting started with AI literacy in your organisation

AI literacy isn't a luxury or a hype training topic. Since 2 February 2025 it has been a legal requirement, and what's far more important, it's a practical necessity for every organisation that doesn't want its employees to unknowingly take risks or miss opportunities.

Our AI Basis Training is designed around exactly the five skills from this article. An online self-paced e-learning with five practical modules, including a module on the EU AI Act, with 12 months of access. Suitable for individual employees but also deployable as an organisation-wide solution for Article 4 compliance.

Want to know more directly? Check out the AI Basis Training and see what's covered, who it's for, and what it costs.

Want to read more first? Read our guide EU AI Act: what does it mean for your team or Getting started with AI at work.